<?php

class umUser{
	private static $instance;
	/**
	 * get instance
	 * 
	 * @return umUser
	 */
	public static function getInstance(){
		if(empty(self::$instance)){
			self::$instance = new self();
		}
		
		return self::$instance;
	}
	
	/**
	 * @var ADOConnection
	 */
	private $db;
	private $is_logged_in;
	private $is_admin;
	private $user_id;
	private $data;
	
	private function __construct(){
		$this->db = umDb::getDb();
		
		$this->init();
	}
	
	private function init(){
		//todo add login check
		$this->is_admin = false;
		$this->is_logged_in = false;
		$this->user_id = 0;
		
		if(!empty($_SESSION['user_id'])){
			$this->user_id = $_SESSION['user_id'];
			
			list($active, $admin, $name) = $this->db->getRow('SELECT active, administrator, name FROM users WHERE user_id='.$this->user_id);
			
			if($active!='true'){
				throw new Exception('INACTIVE USER', 403);
			}
			
			$this->data = array(
					'name' => $name,
					'last_login' => $_SESSION['last_login']
				);
			$this->is_logged_in = true;
			$this->is_admin = $admin=='true';
		}
	}
	
	public function isLoggedIn(){
		return $this->is_logged_in;
	}
	
	public function isAdministrator(){
		return $this->is_admin;
	}
	
	public function logout(){
		$_SESSION['user_id'] = 0;
		
		session_regenerate_id();
	}
	
	public function login($name, $password){
		session_regenerate_id();
		
		$sql = 'SELECT user_id, loginname, password, salt, time_last_login FROM users WHERE loginname='.$this->db->Quote($name).' AND active="true";';
		
		$found = $this->db->getRow($sql);
		
		if(empty($found)){
			throw new Exception('INVALID USERNAME', 403);
		}
		
		list($user_id, $loginname, $password_hash, $salt, $last_login) = $found;
		
		$this->user_id = $user_id;
		
		if($loginname !== $name){
			$this->addUserLog($user_id, 'LOGIN', 'invalid loginname, because of casesensitivity');
			throw new Exception('INVALID USERNAME - CHECK UPPER / LOWERCASE', 403);
		}
		
		if(!empty($salt)){
			//use salt to check password
			
			if(sha1(crypt($password, $salt))!=$password_hash){
				$this->addUserLog($user_id, 'LOGIN', 'invalid password');
				//throw new Exception('INVALID PASSWORD', 403);
			}
		}else{
			//direct check of password
			
			if(sha1($password)==$password_hash){
				$this->addUserLog($user_id, 'LOGIN', 'invalid password');
				//throw new Exception('INVALID PASSWORD', 403);
			}
		}
		
		$this->addUserLog($user_id, 'LOGIN', 'successfull login');
		
		$this->db->Execute('UPDATE users SET time_last_login=NOW() WHERE user_id='.$this->user_id);
		
		$_SESSION['user_id'] = $this->user_id;
		$_SESSION['last_login'] = $last_login;
		
		return true;
	}
	
	public function addUserLog($user_id, $type, $message){
		$data = array(
				'user_id' => $user_id,
				'from_user_id' => $this->user_id,
				'from_ip' => $_SERVER['REMOTE_ADDR'],
				'log_type' => $type,
				'time_created' => date('Y-m-d H:i:s'),
				'message' => $message
			);
			
		$this->db->AutoExecute('user_log', $data, 'INSERT');
	}
	
	public function get($name){
		if(!empty($this->data[$name])){
			return $this->data[$name];
		}
		
		return null;
	}
}
